Mautic Community Forums

Amazon SES danger!

Hi all
I just wanted to add some bad experience using mautic with Amazon SES.
We have integrated SES with mautic and everything worked fine. Suddenly we have received a mail from Amazon SES and put our sending “suspended”. They said that this was to protect us because we were doing spam. They asked for some few points to change (not very clear for us) and some info requested to demonstrate how we were getting our contact info. We changed many things some that make sense and some others that were really tough. We have more than one domain and mautic is launching mails from the marketing(mautic) domain. The worse was to solve their view that the domain did not match with the content, that is not true. domain name has the name emebbedded of the main topic in our mails. We also demonstrate that we get info with a form where people has to explicit agree GDPR law acceptance and also have the google captcha.
Then they have restarted as active and sending again (+7 days after).
Suddenly they stopped again the ability to send (we did not change anything) and did it for ever. They. closed the open incident. No way to solve now the issues that we do not know what they are.
This is an Alert for everyone that you can experience this as we have had and we are lucky because we are using mautic to provide marketing automation for ourselves, but we can not imagine what would have been the disaster if we were providing services to another company.
Now you know the risks using Amazon SES.

2 Likes

I can understand the reason why some would use Amazon SES, but I rather build my own mail server myself to avoid stories that touch. Sorry for the experience, and I hope you find something better.

Well. Up to now we are using our standard mail service in the hosting that allows us to send 200 mails/hour. It is a pity as sometimes we got some problems with the limit and some mails failed.
We tried to get a mail users without limitation but they are Microsoft Exchange (in our hosting provider) and Mautic can not be integrated with it because Exchange do not allow sending mails xxxx+address@domain.com :frowning:
I am still looking to find better solution. It would be wonderful to find other opensource like mautic as mail server :slight_smile:

Ha, I see, 200 emails per hour isn’t a bad deal for beginners, there are lots of good open-source alternatives, and an example of such is modoboa (extensible), iredmail (extensible), mail-in-a-box (not extensible). I’ll recommend modoboa, really easy to setup.

Hi,

I love amazon SES, and this is what really happened to you:

First of all I’ve been working with amazon SES a lot (a lot a lot) and had very bad experience in the first time. But with time I understood how to deal with them. They are a volume provider, and it means, the customer support consists of brutes, who just insert canned responses into their replies.

The bad customer service comes from the fact, that they have to work with lots of spammers. To keep their IP range clean is actually for your benefit. And if you are a good sender, you have nothing to worry about. Since spammers keep creating new accounts Amazon learned not to disclose too much how they ‘noticed you’ and what one did do wrong. They won’t help spammers learn from their mistakes. This is why their answers are short, cold and factual with no explanations.

You mentioned the followings:

Suddenly we have received a mail from Amazon SES and put our sending “suspended”. They said that this was to protect us because we were doing spam.

What really happened:
Amazon check exactly what post office messages are coming back from your delivery and evaluates it without letting you know. Your activity impacted the IP pool quality and you landed on their radar. Most likely spam filters filtered your messages out, and started to send warning to amazon. This happens if your content looks spammy or smells like affiliate marketing for any of spam filters. Or if you sent to any honeypot or spamtrap. This usually happens if you rented/purchased/scraped your lists.

If you are not 100% a spammer they are nice and give you one more chance, and this is what has happened:

They asked for some few points to change (not very clear for us) and some info requested to demonstrate how we were getting our contact info. We changed many things some that make sense and some others that were really tough.

Amazon only asks you to have subscribe form, TOS and Privacy Policy, but that is really the minimum I think. Shouldn’t be that hard if you are a good sender.

We have more than one domain and mautic is launching mails from the marketing(mautic) domain. The worse was to solve their view that the domain did not match with the content, that is not true. domain name has the name emebbedded of the main topic in our mails. We also demonstrate that we get info with a form where people has to explicit agree GDPR law acceptance and also have the google captcha.

The problem with this is, that you serve one domain with may mautics. You should not do that. It is anyway bad for inboxing, because all your domains will affect the sending domain’s (mautic) reputation. One of them is ‘sick’, any domain that was connected will be quarantined by Spamhouse, Barracuda, and start to tell on you to Amazon. This is what probably happened.
Next time better set up cross domain tracking, where you create a CNAME for your tracked domain and point to to your mautic. So your sending domain (mautic) is not shown.

Then they have restarted as active and sending again (+7 days after).
Suddenly they stopped again the ability to send (we did not change anything) and did it for ever. They. closed the open incident. No way to solve now the issues that we do not know what they are.

You again hit the spamfilters and Amazon decided that the content you are sending is not welcome. It is also possible, that you tried to access your amazon console from a proxy, that is on amazon’s ban list or you tried to re-register with this computer/email/phone number/credit card, which is against their rules.

This is an Alert for everyone that you can experience this as we have had and we are lucky because we are using Mautic to provide marketing automation for ourselves, but we can not imagine what would have been the disaster if we were providing services to another company.
Now you know the risks using Amazon SES.

Just because you don’t think you are sending spam, it doesn’t mean you didn’t. Did all of your contacts double opted in? When you subscribed, you accepted, that you will send email to those people, who especially requested it.

Get rich fast / Lose weight / Apply to grants / Work from home / Covid related topics are especially under microscope these days.

If you send good content to people, who requested it, you are in no means in danger.

I would be really curious what did you send. :slight_smile:

I have an article on my knowledge base: How not to get banned on Amazon SES.

2 Likes

First of all I really appreciate that you have take so much time to answer.
I have to said that many of the things that you pointed out were not my case. When the first time I was suspended I make a deep research of the reputation status and we were not included in these black lists, our mails are as we like and our contacts wanted. Because of our kind of business we do not want contacts that are not interested in our content. So no rental no buy DDBB or things like that… IN fact we still sending our mails without problems and they are passing hotmail and gmail filters… so I do not think the problem comes from spaming but perhaps Amazon rules that I am ok but you know… it is our information giving to people that want to know it… Amazon can not say that perhaps our mails are too much formal…
Anyhow we will look for other solution and I only wanted advise other people to do not have the same problems than us
Thank you again
Regards

I was trying to see your recommendation modoboa, but only saw a try. demo/test. I do not see how to install or how to configure it to be used… :frowning:

It is fairly straight forward, there are plentiful of tutorials online, so, google it. I contributed a guide about installing it to a major cloud hosting provider, but it’s not live yet, I would have shared :slight_smile:

I have a hosting in OVH where my mautic is by the way :slight_smile:
So your installation guide will be really appreciated

I use Postal as a mail server with ip rotation, pretty good. And open source too. Plenty of guides.

Good luck to you.

We had a similar experience with SES and Mautic, although we were using the same SES account (we set it up prior to the IAM service, so everything was based on a single set of account credentials) for a number of different services. We got a similar suspension for reports of sending spam. We were surprised, as we’re not selling anything via Mautic (we’re using it to send instructions to our online learners, who have to “double opt-in” to receive our emails, to ensure we’re GDPR compliant). Turns out that one of our more obscure (and less well maintained) services had been compromised and the SES credentials taken: our account was sending spam.

To mitigate it, we set up a separate account for each of our services, so that if any one was compromised, we’d know which one it was. Having done that, using IAM, we petitioned SES to be reinstated. We were (eventually) and we haven’t had issues since. And I love seeing our AWS invoices each month: $1-$5 :slight_smile: